Merge pull request zendframework/zendframework#5301 from Maks3w/hotfi…

…x/http-fieldname-check [http] Adapt header field name validation to RFC definition
zendframework · Oct 22, 2013 · fb43d3c · fb43d3c
2 parents 1417bdb + 8a625e4
commit fb43d3c
Show file tree

Hide file tree

Showing 2 changed files with 127 additions and 7 deletions.
diff --git a/src/Header/GenericHeader.php b/src/Header/GenericHeader.php
@@ -80,21 +80,25 @@ public function __construct($fieldName = null, $fieldValue = null)
      *
      * @param  string $fieldName
      * @return GenericHeader
-     * @throws Exception\InvalidArgumentException(
+     * @throws Exception\InvalidArgumentException If the name does not match with RFC 2616 format.
      */
     public function setFieldName($fieldName)
     {
         if (!is_string($fieldName) || empty($fieldName)) {
             throw new Exception\InvalidArgumentException('Header name must be a string');
         }
 
-        // Pre-filter to normalize valid characters, change underscore to dash
-        $fieldName = str_replace(' ', '-', ucwords(str_replace(array('_', '-'), ' ', $fieldName)));
-
-        // Validate what we have
-        if (!preg_match('/^[a-z][a-z0-9-]*$/i', $fieldName)) {
+        /*
+         * Following RFC 2616 section 4.2
+         *
+         * message-header = field-name ":" [ field-value ]
+         * field-name     = token
+         *
+         * @see http://tools.ietf.org/html/rfc2616#section-2.2 for token definition.
+         */
+        if (!preg_match('/^[!#-\'*+\-\.0-9A-Z\^-z|~]+$/', $fieldName)) {
             throw new Exception\InvalidArgumentException(
-                'Header name must start with a letter, and consist of only letters, numbers, and dashes'
+                'Header name must be a valid RFC 2616 (section 4.2) field-name.'
             );
         }
 

diff --git a/test/Header/GenericHeaderTest.php b/test/Header/GenericHeaderTest.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Http\Header;
+
+use Zend\Http\Header\Exception\InvalidArgumentException;
+use Zend\Http\Header\GenericHeader;
+use PHPUnit_Framework_TestCase as TestCase;
+
+class GenericHeaderTest extends TestCase
+{
+    /**
+     * @param string $name
+     * @dataProvider validFieldNameChars
+     */
+    public function testValidFieldName($name)
+    {
+        try {
+            new GenericHeader($name);
+        } catch (InvalidArgumentException $e) {
+            $this->assertEquals(
+                 $e->getMessage(),
+                     'Header name must be a valid RFC 2616 (section 4.2) field-name.'
+            );
+            $this->fail('Allowed char rejected: ' . ord($name)); // For easy debug
+        }
+    }
+
+    /**
+     * @param string $name
+     * @dataProvider invalidFieldNameChars
+     */
+    public function testInvalidFieldName($name)
+    {
+        try {
+            new GenericHeader($name);
+            $this->fail('Invalid char allowed: ' . ord($name)); // For easy debug
+        } catch (InvalidArgumentException $e) {
+            $this->assertEquals(
+                 $e->getMessage(),
+                     'Header name must be a valid RFC 2616 (section 4.2) field-name.'
+            );
+        }
+    }
+
+    /**
+     * Valid field name characters.
+     *
+     * @return string[]
+     */
+    public function validFieldNameChars()
+    {
+        return array(
+            array('!'),
+            array('#'),
+            array('$'),
+            array('%'),
+            array('&'),
+            array("'"),
+            array('*'),
+            array('+'),
+            array('-'),
+            array('.'),
+            array('0'), // Begin numeric range
+            array('9'), // End numeric range
+            array('A'), // Begin upper range
+            array('Z'), // End upper range
+            array('^'),
+            array('_'),
+            array('`'),
+            array('a'), // Begin lower range
+            array('z'), // End lower range
+            array('|'),
+            array('~'),
+        );
+    }
+
+    /**
+     * Invalid field name characters.
+     *
+     * @return string[]
+     */
+    public function invalidFieldNameChars()
+    {
+        return array(
+            array("\x00"), // Min CTL invalid character range.
+            array("\x1F"), // Max CTL invalid character range.
+            array('('),
+            array(')'),
+            array('<'),
+            array('>'),
+            array('@'),
+            array(','),
+            array(';'),
+            array(':'),
+            array('\\'),
+            array('"'),
+            array('/'),
+            array('['),
+            array(']'),
+            array('?'),
+            array('='),
+            array('{'),
+            array('}'),
+            array(' '),
+            array("\t"),
+            array("\x7F"), // DEL CTL invalid character.
+        );
+    }
+}